
Standards-Guidelines Joa Eng 0516


standards guidelines

tools and techniques


ISACA Member and Certification Holder Compliance

The specialised nature of information systems (IS) audit and assurance and the skills necessary to perform such engagements require standards that apply specifically to IS audit and assurance. The development and dissemination of the IS audit and assurance standards are a cornerstone of the ISACA® professional contribution to the audit community.

IS audit and assurance standards define mandatory requirements for IS auditing. They report and inform:
• IS audit and assurance professionals of the minimum level of acceptable performance required to meet the professional responsibilities set out in the ISACA Code of Professional Ethics
• Management and other interested parties of the profession’s expectations concerning the work of practitioners
• Holders of the Certified Information Systems Auditor® (CISA®) designation of requirements. Failure to comply with these standards may result in an investigation into the CISA holder’s conduct by the ISACA Board of Directors or appropriate committee and, ultimately, in disciplinary action.

ITAF™, 3rd Edition (www.isaca.org/itaf) provides a framework for multiple levels of guidance:

IS Audit and Assurance Standards

The standards are divided into three categories:
• General standards (1000 series)—Are the guiding principles under which the IS assurance profession operates. They apply to the conduct of all assignments and deal with the IS audit and assurance professional’s ethics, independence, objectivity and due care as well as knowledge, competency and skill.
• Performance standards (1200 series)—Deal with the conduct of the assignment, such as planning and supervision, scoping, risk and materiality, resource mobilisation, supervision and assignment management, audit and assurance evidence, and the exercising of professional judgement and due care.
• Reporting standards (1400 series)—Address the types of reports, means of communication and the information communicated.

Please note that the new guidelines are effective 1 September 2014.

General
1001 Audit Charter
1002 Organisational Independence
1003 Professional Independence
1004 Reasonable Expectation
1005 Due Professional Care
1006 Proficiency
1007 Assertions
1008 Criteria

Performance
1201 Engagement Planning
1202 Risk Assessment in Planning
1203 Performance and Supervision
1204 Materiality
1205 Evidence
1206 Using the Work of Other Experts
1207 Irregularity and Illegal Acts

Reporting
1401 Reporting
1402 Follow-up Activities

IS Audit and Assurance Guidelines

The guidelines are designed to directly support the standards and help practitioners achieve alignment with the standards. They follow the same categorisation as the standards (also divided into three categories):
• General guidelines (2000 series)
• Performance guidelines (2200 series)
• Reporting guidelines (2400 series)

Please note that the new guidelines are effective 1 September 2014.

General
2001 Audit Charter
2002 Organisational Independence
2003 Professional Independence
2004 Reasonable Expectation
2005 Due Professional Care
2006 Proficiency
2007 Assertions
2008 Criteria

Performance
2201 Engagement Planning
2202 Risk Assessment in Planning
2203 Performance and Supervision
2204 Materiality
2205 Evidence
2206 Using the Work of Other Experts
2207 Irregularity and Illegal Acts
2208 Sampling

Reporting
2401 Reporting
2402 Follow-up Activities

IS Audit and Assurance Tools and Techniques

These documents provide additional guidance for IS audit and assurance professionals and consist, among other things, of white papers, IS audit/assurance programs, reference books and the COBIT® 5 family of products. Tools and techniques are listed under www.isaca.org/itaf.

An online glossary of terms used in ITAF is provided at www.isaca.org/glossary.

Prior to issuing any new Standard or Guideline, an exposure draft is issued internationally for general public comment.

Comments may also be submitted to the attention of the Director of Privacy and Assurance Practices via email (standards@isaca.org); fax (+1.847.253.1443) or postal mail (ISACA International Headquarters, 3701 Algonquin Road, Suite 1010, Rolling Meadows, IL 60008-3105, USA).

Links to current and exposed ISACA Standards, Guidelines, and Tools and Techniques are posted at www.isaca.org/standards.

Disclaimer: ISACA has designed this guidance as the minimum level of acceptable performance required to meet the professional responsibilities set out in the ISACA Code of Professional Ethics. ISACA makes no claim that use of these products will assure a successful outcome. The guidance should not be considered inclusive of any proper procedures and tests or exclusive of other procedures and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific procedure or test, the control professionals should apply their own professional judgment to the specific control circumstances presented by the particular systems or IS environment.

ISACA JOURNAL VOL 3 1
